Business Context
ApexBank is reviewing internal design documents, vendor assessments, and incident reports before deploying a Generative AI assistant for employees. The security team wants an NLP system that automatically classifies each document or text snippet into the primary cybersecurity risk category so analysts can prioritize mitigation work.
Data
You are given a corpus of 180,000 labeled text records collected from security reviews, architecture notes, red-team findings, and policy exceptions.
- Task: classify each record into one primary risk category: Data Leakage, Prompt Injection, Unauthorized Access, Model Supply Chain, or Compliance/Privacy
- Text length: 20-900 words, median 140 words
- Language: English only
- Label distribution: moderately imbalanced; Data Leakage and Compliance/Privacy together make up ~55% of records
- Noise: records may include URLs, ticket IDs, code blocks, log fragments, and duplicated boilerplate
Success Criteria
A good solution should achieve macro-F1 ≥ 0.82, with recall ≥ 0.90 for Data Leakage and Prompt Injection, since missing these risks is costly. The model should support batch scoring and near-real-time inference for analyst workflows.
Constraints
- Inference latency should be <150 ms per document on CPU for typical inputs
- The solution must run in a private enterprise environment
- Predictions should be explainable enough for security analysts to audit
- Training should be feasible on a single modern GPU
Requirements
- Build a multi-class text classification pipeline for the five risk categories.
- Define a realistic preprocessing pipeline for noisy enterprise security text.
- Implement a modern Python solution, including tokenization, training, and evaluation.
- Explain how you would handle class imbalance and ambiguous records.
- Describe how you would evaluate model quality and perform error analysis before deployment.
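One way to approach the preprocessing requirement for the noise types listed under Data (URLs, ticket IDs, code blocks, log fragments, duplicated boilerplate), as an added example that is not part of the original brief. The regex patterns, the placeholder tokens, the 50% document-frequency cutoff and the sample records are all assumptions made for illustration.

```python
import re
from collections import Counter

# Patterns and placeholder tokens are assumptions, not ApexBank's real formats.
CODE_BLOCK = re.compile(r"`{3}.*?`{3}", re.DOTALL)       # fenced code
LOG_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}\S*[ \t].*$", re.MULTILINE)
URL = re.compile(r"https?://\S+")
TICKET = re.compile(r"\b[A-Z]{2,10}-\d+\b")              # e.g. SEC-1042

def normalize(text):
    """Swap noisy spans for typed placeholders: the model and the auditing
    analyst still see that a code block, log line, URL or ticket was present."""
    text = CODE_BLOCK.sub("\n<CODE>\n", text)   # before line-level patterns
    text = LOG_LINE.sub("<LOG>", text)
    text = URL.sub("<URL>", text)               # before TICKET: URLs may embed IDs
    return TICKET.sub("<TICKET>", text)

def boilerplate_lines(records, max_doc_frac=0.5, min_words=4):
    """Lines present in more than max_doc_frac of records (document frequency)."""
    doc_freq = Counter()
    for rec in records:
        lines = {ln.strip().lower() for ln in rec.splitlines()}
        doc_freq.update(ln for ln in lines if len(ln.split()) >= min_words)
    return {ln for ln, n in doc_freq.items() if n > max_doc_frac * len(records)}

def preprocess(records, **kw):
    normalized = [normalize(r) for r in records]
    drop = boilerplate_lines(normalized, **kw)
    cleaned = []
    for rec in normalized:
        kept = []
        for ln in rec.splitlines():
            ln = " ".join(ln.split())
            # skip blanks, corpus-wide boilerplate, and immediate repeats (log runs)
            if ln and ln.lower() not in drop and (not kept or kept[-1] != ln):
                kept.append(ln)
        cleaned.append(" ".join(kept))
    return cleaned

FENCE = "`" * 3
BANNER = "CONFIDENTIAL - internal use only, do not forward\n"
SAMPLE = [  # constructed records, not from the ApexBank corpus
    BANNER + "Assistant echoed account numbers into chat history, see "
    "https://wiki.example.internal/page?id=7 and SEC-1042.\n"
    "2024-05-01T12:00:03Z WARN pii_filter bypassed\n"
    "2024-05-01T12:00:04Z WARN pii_filter bypassed",
    BANNER + "Retrieved document overrode the system prompt.\n"
    + FENCE + "\nprint(doc.text)\n" + FENCE + "\nTracked in AISEC-7.",
    BANNER + "Vendor model weights are pulled without checksum verification.",
]
```

Calling `preprocess(SAMPLE)` returns one cleaned string per record. Keeping typed placeholders rather than deleting the noise leaves tokens an analyst can point to when auditing a prediction.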